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CLAIMS 

1 . A method of validating software for hardware, comprising: 
authenticating a certificate with a first public key; 

obtaining a signature generated for the software, a first identifier for the 
software, and a second identifier for the hardware, wherein the signature is generated 
using cryptography and is used to validate an association of the software with the 
hardware; and 

validating the signature with a second public key from the certificate, wherein 
the association of the software with the hardware is validated if the signature is 
validated. 

2. The method of claim 1, wherein the software is executed by the hardware 
only if the association is validated. 

3. The method of claim 1, wherein the validating the signature includes 
hashing information for the software, the first identifier, and the second 

identifier to obtain a first digest, 

decrypting the signature with the second public key to obtain a second digest, 

and 

comparing the first digest against the second digest, and wherein the signature is 
validated if the first digest matches the second digest. 

4. The method of claim 3, wherein the validating the signature further 
includes 

hashing the software to obtain a third digest used as the information for the 
software. 

5. The method of claim 1, wherein the signature is generated using a 
cryptography scheme that includes Hash-based Message Authentication Code (HMAC). 

6. The method of claim 1, wherein the first identifier is a software release 
version number. 
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7. The method of claim 1, wherein the hardware is an integrated circuit of a 
specific design. 

8. The method of claim 1, wherein the second identifier is a hardware serial 
number or a part number. 

9. An apparatus operable to validate software for hardware, comprising: 
a first storage unit configured to store a first public key; and 

a processor operative to 

authenticate a certificate with the first public key, 

obtain a signature generated for the software, a first identifier for the 
software, and a second identifier for the hardware, wherein the signature is generated 
using cryptography and is used to validate an association of the software with the 
hardware, and 

validate the signature with a second public key from the certificate, 
wherein the association of the software with the hardware is validated if the signature is 
validated. 

10. The apparatus of claim 9, wherein the first storage unit is further 
configured to store the second identifier for the hardware, and wherein the processor is 
further operative to 

hash information for the software, the first identifier, and the second 
identifier from the first storage unit to obtain a first digest, 

decrypt the signature with the second public key to obtain a second 

digest, and 

compare the first digest against the second digest, and wherein the 
signature is validated if the first digest matches the second digest. 

1 1 . The apparatus of claim 9, further comprising: 

a second storage unit configured to store boot code executed by the processor to 
authenticate the certificate and validate the signature. 
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12. The apparatus of claim 11, wherein the first and second storage units and 
the processor are implemented within an integrated circuit. 

13. The apparatus of claim 9 and implemented within a wireless 
communication device. 

14. An apparatus operable to validate software for hardware, comprising: 
means for authenticating a certificate with a first public key; 

means for obtaining a signature generated for the software, a first identifier for 
the software, and a second identifier for the hardware, wherein the signature is 
generated using cryptography and is used to validate an association of the software with 
the hardware; and 

means for validating the signature with a second public key from the certificate, 
wherein the association of the software with the hardware is validated if the signature is 
validated. 

15. The apparatus of claim 14, wherein the means for validating the 
signature includes 

means for hashing information for the software, the first identifier, and the 
second identifier to obtain a first digest, 

means for decrypting the signature with the second public key to obtain a second 
digest, and 

means for comparing the first digest against the second digest, and wherein the 
signature is validated if the first digest matches the second digest. 

16. A method of associating software with hardware, comprising: 
obtaining a first identifier for the software; 

obtaining a second identifier for the hardware; and 

generating a first signature for the software, the first identifier, and the second 
identifier using cryptography, wherein the first signature is used to validate an 
association of the software with the hardware. 

17. The method of claim 16, further comprising: 
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receiving a digest obtained by hashing the software, and wherein the first 
signature is generated over the digest, the first identifier, and the second identifier. 

18. The method of claim 16, wherein the first signature is generated using a 
cryptography scheme that includes Hash-based Message Authentication Code (HMAC). 

19. The method of claim 16, further comprising: 

providing a certificate containing a first public key and a second signature, the 
first public key corresponding to a first private key used to generate the first signature, 
and the second signature being generated over the first public key with a second private 
key for an entity generating the second signature. 

20. The method of claim 16, further comprising: 
receiving from an entity a request for the first signature; and 
authenticating the entity prior to generating the first signature. 

21. The method of claim 16, further comprising: 

determining whether or not association of the software with the hardware is 
permitted, and wherein the first signature is generated only if the association is 
permitted. 

22. The method of claim 21, wherein the determining is based on a 
configuration table of permitted associations between at least one version of software 
and at least one platform of hardware. 

23. An apparatus operable to associate software with hardware, comprising: 

a communication unit operative to obtain, from a code generator entity, 
information for a software code, a first identifier for the software, and a second 
identifier for the hardware; and 

a controller operative to generate a signature for the software, the first identifier, 
and the second identifier using cryptography, wherein the signature is used to validate 
an association of the software with the hardware. 
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24. The apparatus of claim 23, wherein the controller is further operative to 
determine whether or not association of the software with the hardware is permitted, and 
to generate the signature only if the association is permitted. 

25. The apparatus of claim 23, wherein the controller is further operative to 
authenticate the code generator entity prior to generating the signature. 

26. The apparatus of claim 23, further comprising: 

a memory unit operative to store a configuration table of permitted associations 
between at least one version of software and at least one platform of hardware, and 
wherein the controller is further operative to determine whether or not the association of 
the software with the hardware is permitted based on the configuration table. 

27. An apparatus operable to associate software with hardware, comprising: 
means for obtaining a first identifier for the software; 

means for obtaining a second identifier for the hardware; and 

means for generating a first signature for the software, the first identifier, and the 

second identifier using cryptography, wherein the first signature is used to validate an 

association of the software with the hardware. 

28. The apparatus of claim 27, further comprising: 

means for receiving from an entity a request for the first signature; and 
means for authenticating the entity prior to generating the first signature. 

29. A method of associating software with hardware, comprising: 
providing information for the software; 

providing a first identifier for the software; 
providing a second identifier for the hardware; 

receiving a signature generated for the software, the first identifier, and the 
second identifier, wherein the signature is generated using cryptography and is used to 
validate an association of the software with the hardware; 

receiving a certificate containing cryptographic information used to validate the 
signature; and 
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forming an image comprised of the software, the signature, and the certificate. 

30. The method of claim 29, further comprising: 

hashing the software to obtain a first digest, and wherein the first digest is 
provided as the information for the software. 

31. The method of claim 30, wherein the signature is generated using a 
cryptography scheme that includes Hash-based Message Authentication Code (HMAC), 
and wherein the HMAC receives the first digest, the first identifier, and the second 
identifier as inputs and provides a second digest used to generate the signature. 

32. An apparatus operable to associate software with hardware, comprising: 
a communication unit operative to 

provide information for the software, a first identifier for the software, 
and a second identifier for the hardware, 

receive a signature generated for the software, the first identifier, and the 
second identifier, wherein the signature is generated using cryptography and is used to 
validate an association of the software with the hardware, and 

receive a certificate containing cryptographic information used to 
validate the signature; and 

a controller operative to form an image comprised of the software, the signature, 
and the certificate. 

33. The apparatus of claim 32, wherein the controller is further operative to 
hash the software to obtain a digest that is provided as the information for the software. 

34. An apparatus operable to associate software with hardware, comprising: 
means for providing information for the software; 

means for providing a first identifier for the software; 
means for providing a second identifier for the hardware; 

means for receiving a signature generated for the software, the first identifier, 
and the second identifier, wherein the signature is generated using cryptography and is 
used to validate an association of the software with the hardware; 
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means for receiving a certificate containing cryptographic information used to 
validate the signature; and 

means for forming an image comprised of the software, the signature, and the 
certificate. 

35. The apparatus of claim 34, further comprising: 

means for hashing the software to obtain a first digest, and wherein the first 
digest is provided as the information for the software. 
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